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DETAILED ACTION 

Response to Arguments 

Applicant's arguments filed 05/12/06 have been fully considered but they are not 
persuasive because of following reasons. 

Applicant argued Alberg teaches away from the security functions being incorporated 
into the design of integrated development environment architecture. This is not found persuasive. 
The section quoted by the applicant enforces the need to design software such that it has "precise 
design of system functions and structures so that the resulting software is secure against state-of- 
the-art threats and can be demonstrated to be secure using state-of-the-art technology such as 
formal verification/proof technology." The test for obviousness is not whether the features of a 
secondary reference may be bodily incorporated into the structure of the primary 
reference. . .Rather, the test is what the combined teachings of those references would be 
suggested to those of ordinary skill in the art. The objective of the system of Alberg is to 
develop a system that is a protector device for enhancing the security of a computer system 
(column 2 lines 46-50). Therefore the system of Alberg would be added to the system of 
Bowman-Amuah in such a way that it does not change the system but builds on the system, thus 
enhancing it. 

Therefore, the examiner asserts that Bowman-Amuah and Alsberg do teach or suggest the 
subject matter broadly recited in independent Claims 1 and 7. Dependent Claims 2-6 and 8-16 
are also rejected at least by virtue of their dependency on independent claims and by other reason 
set forth in this office action. Accordingly, rejections for claims 1-16 are respectfully maintained. 
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Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 7 are directed to a method of designing security for an information technology 
system. The examiner asserts that the collection of information does not fall within the statutory 
classes listed in 35 USC 101. Thus, while the claimed invention might be labeled as a 
device/method the steps described do not result in tangible subject matter. The product of the 
steps recited in the claim seems to be a diagram to document security requirements that would be 
used to build a system. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claim 1-7 and 10-16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bowman- Amuah (6,405,364 Bl) in view of Alsberg (4,672,572). 

In reference to claim 7, Bowman- Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2), the steps of the method comprising: identifying the security threats to the 
system (column 18 lines 30-36); determining the security properties within a reference model 
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(column 49 line 66 to column 50 lines 53), Bowman- Amuah lists the properties provided by the 
components of the overall security solution; assigning functional details of the plurality of 
security subsystems to an infrastructure, a plurality of components, and a plurality of operations 
of the system (column 124 lines 33-35), since the system requires security through out the 
system and therefore security properties need to be embedded in components of the solution; 
enumerating security requirements for infrastructure, components and operations (column 50 line 
54 to column 51 lines 14); developing integrity requirements (column 18 lines 32-36). 

Although Bowman- Amuah does not disclose creating a functional technology diagram, 
Bowman- Amuah does disclose documenting the process (column 17 lines 64-67), which 
performs the function of the functional technology diagram. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the functional technology diagrams. One of ordinary skill in the art would 
have been motivated to do this because functional requirement diagrams capture the intended 
behavior of the system as shown in the documentation of the process that indicates the intended 
behavior; information that can later be used for testing. 

Bowman-Amuah does not expressly disclose the security subsystem that includes an 
audit subsystem, an integrity subsystem, and an information flow control subsystem. 

Alsberg discloses a protector device for enhancing security (abstract). The system 
includes an audit subsystem (column 6 lines 33-65), an integrity subsystem (column 7 lines 1- 
10), and an information flow control subsystem (column 8 lines 13-63). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include audit subsystem, integrity subsystems, and information flow control 
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subsystems as in Alsberg in the system of Bowman- Amuah. One of ordinary skill in the art 
would have been motivated to do this because auditing potentially sensitive material, integrity 
subsystems, and controlling the information flow would increase the security of the system. 

Bowman- Amuah discloses a system and method for building systems in a development 
architecture framework wherein security is integrated into the solution; however the security 
framework of Bowman- Amuah does not disclose using a baseline of a security model 
comprising a plurality of interrelated and interdependent security subsystems. 

Perona discloses a system that performs rule checks in a two-way manner, restrictions 
such as licensing and source restrictions may be placed not only on system modules, but also on 
the applications using the security to be achieved (abstract). Therefore the modules of Perona 
include security properties in terms of a plurality of interconnected and interdependent security 
subsystems (column 4 lines 20-58 in combination of column Fig. 5). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to create a plurality of interconnected and interdependent security subsystems as in 
Perona in the system of Bowman- Amuah. One of ordinary skill in the art would have been 
motivated to do this because it would enable higher levels of security. 

In reference to claim 7, Bowman- Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2). The system for analyzing a solution including a plurality of components 
comprising: a first system, which identifies the security threats for the solution (column 18 lines 
30-36); a second system having a security reference model, (column49 line 66 to column 50 line 
53); a third system which is coupled to the second system and which allocates security properties 
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to the components of the information technology system based upon the selected functions which 
are derived from the nature and number of the security subsystems within the information 
technology system (column 51 lines 1-25); a fourth system which is coupled to the third system 
for allocating the security properties to the components of the information technology system 
and which identifies functional requirements for the components, in terms of the Common 
Criteria, in order to comply with the security properties of the component allocated by the third 
system (column 124 lines 33-35); 

Bowman- Amuah does not expressly disclose the system documenting the requirements 
for the security component, however Bowman- Amuah does discloses documentation of the 
process (column 17 lines 64-67), wherein the process satisfies the requirements the requirements 
and the process are related matter. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to document the requirements for the security component. One of ordinary skill in 
the art would have been motivated to do this because information that can later be used for 
testing wherein tests would be tailored to verify that the documented requirements have been 
satisfied. 

Bowman- Amuah does not expressly disclose the security subsystem that includes an 
audit subsystem, an integrity subsystem, and an information flow control subsystem. 

Alsberg discloses a protector device for enhancing security (abstract). The system 
includes an audit subsystem (column 6 lines 33-65), an integrity subsystem (column 7 lines 1- 
10), and an information flow control subsystem, the system to determine security properties and 
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functions of the information technology system in terms of the security subsystems (column 8 
lines 13-63). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include audit subsystem, integrity subsystems, and information flow control 
subsystems as in Alsberg in the system of Bowman- Amuah. One of ordinary skill in the art 
would have been motivated to do this because auditing potentially sensitive material, integrity 
subsystems, and controlling the information flow would increase the security of the system. 

Bowman- Amuah discloses a system and method for building systems in a development 
architecture framework wherein security is integrated into the solution; however the security 
framework of Bowman- Amuah does not disclose using a baseline of a security model 
comprising a plurality of interrelated and interdependent security subsystems. 

Perona discloses a system that performs rule checks in a two-way manner, restrictions 
such as licensing and source restrictions may be placed not only on system modules, but also on 
the applications using the security to be achieved (abstract). Therefore the modules of Perona 
use a baseline of a security model comprising a plurality of interrelated and interdependent 
security subsystems (column 4 lines 20-58 in combination of column Fig. 5). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to create a plurality of interconnected and interdependent security subsystems as in 
Perona in the system of Bowman- Amuah. One of ordinary skill in the art would have been 
motivated to do this because it would enable higher levels of security. 
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In reference to claim 2, wherein the second system, which identifies security properties 
of the overall solution, includes a component that uses standard security subsystems for 
identifying security properties (column 49 line 66 to column 50 lines 53). 

In reference to claim 3 wherein the standard criteria for identifying security properties 
includes a system which maps functions of standard security subsystems to an ISO standard 
15408 also known as Common Criteria. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 4, wherein the system further includes a system that documents the 
solution and the security assumptions using a solution design security methodology (column 2 
lines 30-43). 

In reference to claims 5 and 11-12, wherein the system further provides integrity 
assurance requirements using a standard set of criteria. 

Alsberg discloses the integrity subsystem providing integrity requirement (part 76 Fig. 5) 
At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the integrity requirements as in Alsberg in the system of Bowman- 
Amuah. One of ordinary skill in the art would have been motivated to do this because the audit 
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subsystem gives a view of the system which allows the system to be analyzed and changed to 
make it more secure. 

In reference to claim 6 wherein the standard set of criteria are in accordance with ISO 

15408. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 10, wherein the method further includes the step of documenting the 
solution environment and security assumptions and using the environment and security 
assumptions in developing the security properties of the overall solution (column 17 lines 64-67). 

In reference to claim 13 wherein the step of determining the security properties of the 
overall solution includes the step of using the Common Criteria of ISO Standard 15408. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 
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In reference to claims 14-15 wherein the step of using industry standard security criteria 
includes the step of using Common Criteria, which conforms to ISO Standard 15408. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 16, wherein the step of enumerating security requirements for 
infrastructure components and operations includes the step of identifying, enumerating and 
describing a number of standard security subsystems that in total represent the security function 
of the solution (column 49 line 66 to column 50 lines 53). 

Claims 8-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bowman- 
Amuah in view of Alsberg as applied to claim 7 above, and further in view of Leighton et al 
(5,519,778). 

In reference to claim 8, Bowman- Amuah does not disclose ranking the security threats to 
the solution and considering the biggest threats to the security. 

Leighton discloses categorizing (ranking) the security levels and therefore threats 
(column 6 lines 36-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
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One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 

In reference to claim 9, Bowman- Amuah does not disclose the step of ranking the 
security threats to the solution includes the step of doing less for security threats not considered 
substantial threats to the solution. 

Leighton discloses a hierarchy of security protection and therefore grading security needs 
(column 6 lines 37-67) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
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CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Jablon 5,421,006 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

The 2100 Tech center will move to Carlyle in October 2004. The new telephone number 
for the receptionist is (571) 272-2100. The examiner's new telephone nufnber will be (571) 272- 
3854. y/^ /j 
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